Specialist in life sciences Helen Cline of Pinsent Masons, the law firm behind Out-Law.com, said that there needs to be "a public debate about the risks and commercial rewards associated with data-sharing". Cline was commenting after new research revealed the public's attitudes towards the use of their health data by commercial organisations.

According to the Wellcome Trust's survey of 2,000 UK adults, 53% of people support the use of patient data by commercial organisations for research purposes. A further workshop the charity held with more than 200 people identified a four-step 'why; who; what; how' test that organisations would need to pass to demonstrate the legitimacy of their claims to access health data, it said.

"In general, participants used four key tests in order to judge the acceptability of a company accessing data," the Wellcome Trust said. "The company had to pass all the tests to be acceptable to them: is it for a particular public benefit and not just private profit? Can the people using my data be trusted to produce a public benefit? Am I giving sensitive data? Could it be linked back to me? Are there safeguards in place to keep my data private and secure?"

"For example, sharing data for the purposes of marketing and insurance tended not to pass the first and most important test – why the work is being done," it said. "In the qualitative work participants were wary of insurance and marketing companies using anonymised health data, for example, a private health insurance company using anonymised hospital records to help refine their premiums for critical illness cover. In these scenarios these companies were seen to be acting against the interests of individuals, motivated by their own private interest, and leading to little or no benefit for the public."

According to the Wellcome Trust's survey, 17% of the public "object to commercial organisations having access to health data under any circumstances", while just 26% said they support the sharing of "anonymised health records with insurance companies to help them develop their pricing". It said 37% of respondents would not object to marketing companies having access to anonymised health data.

Cline said that data plays a central role in delivering personalised treatments and services but that organisations that want to use health data need to gain and retain public trust in the way that data is handled and used.

"Developing a patient-first journey begins with the data," Cline said. "However, new capabilities to gather, analyse, disseminate and preserve vast quantities of patient data raise new concerns about the nature of privacy and the means by which individual privacy might be compromised or protected. It is essential that individual patients are adequately informed of the current and future use that might be made of their data and also the advantages that they may derive by making their data available for biomedical exploitation."

"The same data and analytics that provide benefits to individuals and society, if used appropriately, can also do potential harm," Cline said. "For example, large-scale analysis of research on a disease, together with health data from electronic medical records and genomic information, might lead to better and timelier treatment for individuals but also, possibly, to inappropriate disqualification from insurance or jobs."

"Instances already exist where others use patient data, usually without the patients’ knowledge or consent, to earn profits. For example, there is already a growing market for data on individual prescriptions. Patients currently do not participate in the revenues generated from their respective data being added to large repositories. Regulation aimed at letting patients participate in some way in the financial advantages derivable from their data is a complex topic, but there is a need for public debate on this issue," she said.

Cline said that the Wellcome Trust research showed that, from the patient perspective, establishing trust is essential if the techniques and tools of big data are to be successfully applied to health.

"The technology is at hand to apply big data to health, but there must be a public debate about the risks and commercial rewards associated with data-sharing," Cline said. "However, it is also important that data protection laws are not too prescriptive, since the key to extracting value from data is to be able to apply new tools and to conceive new methods and approaches for converting data into insightful information."

New guidelines for the protection of personal data in the NHS, stemming from a governnment-commissioned review, are expected to be published "imminently", the Wellcome Trust said. It said that the review "will provide advice on the wording for a new model of consents and opt-outs, to enable patients to make an informed decision about how identifiable information in their health records is used".